Update on PetitionOnline DDoS attack thru Friday, 2009.0619


Post by Kevin » Tue Jun 16, 2009 1:12 pm

As of Tuesday, 2009.0616, we are now four days into this unfolding disaster, continuing to escalate step by step in the effort to get PetitionOnline back online just as quickly as possible.

General information, useful links, and earlier comments are available here:
http://www.designcommunity.com/forums/v ... hp?t=28380

During the day and into the evening yesterday, a few experiments in filtering the DDoS attack by our server hosting service NTT/Verio helped PetitionOnline appear online briefly yesterday a couple of times, up to an hour at one point. But these were not successful enough and Verio again "null routed" the PetitionOnline IP number.

Apparently the attack is high enough volume, and targeted in such a way, that it floods out not only PetitionOnline, but many other servers sharing the same networking branch at the Verio server center.

So in response to the attack, NTT/Verio shuts PetitionOnline off from the Internet entirely at an earlier place in the network, so the rest of the large server center, not under attack, can run normally.

Of course those other servers do not deserve to suffer just because their neighbor, PetitionOnline, is under attack.

But neither should a huge, sophisticated hosting company like NTT/Verio just throw PetitionOnline to the sharks, as an easy way to duck the attack disabling their own network infrastructure, and then sit watching from the sidelines.

A thoughtful tech blog discusses how to respond to DDoS attacks. Much of what it describes are general good server and network operation policies, which we have long engaged in as PetitionOnline, a free service supported only by donations and some Google AdSense ads, has grown to world-wide recognition with volumes sometimes over four million users per month.

Anyway, back to this tech blog posting. Along with listing both good practices and specific responses...

The Ancient Geeks wrote: If your ISP is the kind that null-routes his customers at the first sign of a DDoS, nothing else of what you could do matters; your site will be killed by your own ISP anyway.


That's one of the holes we seem to be stuck trying to dig out of.

Seeking help in another direction, we sent this letter to our local FBI office:

Artifice email wrote:
From: Kevin Matthews <matthews@artifice.com>
Date: Mon, 15 Jun 2009 14:39:02 -0700
To: FBI Portland <portland@ic.fbi.gov>
Cc: Artifice Support <support@artifice.com>, etc.
Subject: large DDoS attack on PetitionOnline.com

FBI Portland
1500 SW 1st Ave, Suite 400
Portland, OR 97201
Phone: (503) 224-4181
Fax: (503) 552-5400
E-mail: portland@ic.fbi.gov

Dear FBI Portland,

Our free online-petition hosting web site, PetitionOnline.com, has been continuously inaccessible for more than 72 hours now due to a large DDoS attack as diagnosed by the technical staff at Verio, a sophisticated nationwide web hosting provider.

The PetitionOnline site is significant, serving a couple of million monthly visitors (Alexa rank typically in top 5000, has peaked recently around 1000) with 30K-50K signatures collected daily on tens of thousands of active petitions. Close to 70 million petition signatures have been collected in total at PetitionOnline. Alexa lists more than 21,000 sites linking in to PetitionOnline.

These petitions address matters of local, national, and international significance, and have generated results ranging from public apologies by global corporations to financially important national legislation. See for instance our mention in this Washington Post article:
http://www.washingtonpost.com/wp-dyn/co ... 01467.html

The current DDoS attack on PetitionOnline seems to have progressed far beyond the prank stage. Given the nature of PetitionOnline related to grassroots advocacy, there is a good chance there is some kind of political motive behind this massive and anonymous attack. I suppose an alternative hypothesis would be commercial sabotage from a site competitor. We have not received anything like an extortion request.

While PetitionOnline is being sabotaged, we are losing real revenue every hour, losing invaluable site reputation built up over nearly ten years without an outage a fraction of this length, and we are watching the earnest causes of tens of thousands of petition authors be damaged all the while.

Our research on DDoS attacks suggests that perhaps only with sophisticated law enforcement involvement can a response be mounted capable of getting to the source of a DDoS attack.

This is slowly (so far) becoming a public issue, with word of mouth starting to gather across the Internet:
http://www.designcommunity.com/forums/v ... hp?t=28380
http://www.redcounty.com/petitiononlinecom-under-attack

After more than three days of outage with no direct way to contact our enormous client base, time is of the essence for us.

Can the FBI help?

What should we do to help ourselves, and the FBI as well?

Thank you sincerely,

Kevin Matthews
President
Artifice, Inc.
541-345-7421 office
541-345-7438 fax
PO Box 1588
Eugene, OR 97440


In the course of telephone follow-up, the Portland FBI acknowledged the letter, and sent it forward to their cyber crimes team.
Last edited by Kevin on Fri Jun 19, 2009 10:11 am, edited 2 times in total.

Coincidence, or crime?

Post by Ed Ziomek » Tue Jun 16, 2009 2:20 pm

First of all, good luck with your investigation efforts.

Second of all, it seems like YouTube was also crushed with slow and blocked service, due to massive, crushing requests for Iranian hourly feeds which were being uploaded, and it seems like masses of people were using that server for their only hour by hour news.

In the last several hours, the Iranian government apparently outlawed any street side video taping and news reporting.

I strongly suspect that the internet is the new battleground, and your PetitionOnline and similar "voices of the people" are the threats to the "old guard", the old political maneuvering. I would place my money on Iranian government subterfuge on the internet side, they certainly have the incredible intelligence to do it.

So keep investigating, be vigilant, and keep up the good work.

PetitionOnline accessible again...

Post by Kevin » Tue Jun 16, 2009 6:26 pm

As of Tuesday afternoon, June 16, 2009:

A short while ago, we noticed that PetitionOnline was accessible again, and Verio Support just called to report that, at the current time, they have some upstream network filtering in place which is allowing regular web traffic to reach the site.

http://www.PetitionOnline.com/

The DDoS attack is continuing behind the network filters, and the situation remains significantly unpredictable. We're going to be keeping a close eye on everything.

We are guardedly optimistic for the time being, hoping for the best in terms of maintaining a successful-at-last defense against the attack, while continuing to prepare for and fortify against the worst.

Please keep in mind that, with PetitionOnline accessible again after being blocked for so long, the server is likely to be heavily loaded for as much as a day or so - even if the attack ends or the filters continue to be effective.

Everyone's patience and support is so much appreciated.

Long live free speech!

best wishes,

Kevin

BBC and Yahoo news...

Post by Ed Ziomek » Wed Jun 17, 2009 1:42 am

Kevin, I believe this BBC/Yahoo News feed asks the question and explains the majority of the problems PetitionOnline experienced...

Can technology force change in Iran?
http://cosmos.bcst.yahoo.com/up/player/ ... 4&src=news

BBC basically confirms your fears, where Iran actively is impeding the internet and Twitter, and other means of electronic communications, even satellite dish owners.

On top of the politically motivated, active interruption attempts, there is the crush of millions of Iranians accessing the American websites for up to the minute news and video, causing the system to be overwhelmed, then blocked.

For the first time in world history, we have minute by minute updates of problems from all over the world, accessible anywhere and everywhere.

Update at noon, 2009.0617

Post by Kevin » Wed Jun 17, 2009 3:22 pm

PetitionOnline was accessible for about 10 hours Tuesday afternoon and evening, and then we seemed to lose ground gained against the continuing attack, until the site became inaccessible again in the early morning (relative to PDT). And that's how it still stands at this moment, while we continue to work on multiple channels backstage.

Afternoon update Wednesday, 2009.0617

Post by Kevin » Wed Jun 17, 2009 7:05 pm

As of Wednesday afternoon, 2009.0617:

Some details from NTT/Verio on the continuing DDoS attack on PetitionOnline...

"Verio deals with DoS attacks against our customers on a regular basis. Typically, attacks are relatively small and originate from a single or small number of sources which can be easily blocked or filtered.

"The attack on your account is extremely large, likely targeted from a botnet, with at one point in time, during a 3 minute window, over 350,000 unique IP addresses sending traffic to your server.

"Due to the nature of the attack the initial efforts, including using a device similar to those you have asked about, by both Verio Network Security and NTTCom Backbone Security did not work as expected.

"By yesterday afternoon, after carefully reviewing the traffic, Verio was able to create some filters that blocked much of the malicious traffic. At that time your web site was again accessible.

"Unfortunately, this morning the traffic to your server, after passing through our filters, was too great and was affecting other customers as well. Verio was forced to null route your IP address again while our Network Security team works to identify new means to filter the traffic.

"Earlier today, during a 15 minute interval your site endured over 2.5 million hits from individual IP addresses. This is a massive and sophisticated attack."

So... while it's taking far more than I would accept to get on top of it, we're still in there fighting. We have absolutely no intention of letting deceitful sabotage win out over the power of grassroots free speech.

Thanks for your continuing stalwart support in this unexpected struggle.
Last edited by Kevin on Thu Jun 18, 2009 1:38 pm, edited 3 times in total.

Post by Kevin » Thu Jun 18, 2009 1:53 pm

As of Thursday afternoon, 2009.0618:

We've been on and off over the last couple of days, and since very early Thursday morning (2009.0618) PetitionOnline has been accessible again, up to approximately this moment. That could change again instantly.

The massive DDoS attack is continuing, but NTT/Verio Network Operations has now been successful for more than fifteen hours straight with ongoing network filter adjustments to keep PetitionOnline available.

You can now follow us on Twitter @petitiononline too.

Post by Kevin » Fri Jun 19, 2009 10:07 am

As of Friday morning, 2009.0618:

PetitionOnline continues to be accessible online - about 36 hours straight. The basic functions of reading and signing petitions are fully functional.

The massive DDoS attack is still trying to flood out PetitionOnline, but NTT/Verio Network Operations is successfully filtering the DDoS traffic while letting most of the real traffic through.

One side effect of this heavy filtering is that some of the specialized functions, like petition maintenance for petition authors, are not yet working.

Our own access to the site is also only partly working, so we can't yet update the home page, or handle a variety of other server admin tasks. We are working with Verio to be able to restore admin access both for PetitionOnline staff and for petition authors, probably in that order.

Petition Online, Leading Edge of Evolving Cyber attack

Post by Ed Ziomek » Wed Jul 08, 2009 5:19 pm

Back in mid-June, Petition Online was one of the first public forum sites to be attacked, followed by successive attacks across the world, in Western-friendly situations.

Yesterday and today it is reported that even the White House experienced some form of cyber attack.

And Microsoft for the last 2 days has reported a breach in its Internet Explorer, Windows XP software.

I think this is just the warm up pitch.

I think the real target is the American banking, ATM, and credit card systems, and the aim is to bring down overnight the American economy should either North Korea or Iran be attacked militarily.

If you watch the great movie, Slum Dog Millionaire, you have ordinary workers having direct access to personal credit card information of millions of people around the world, via the credit card customer service system. And I don't want to sound like I am singling out India, as this service is provided in tens of countries around the world.

Our most vulnerable system, that affects 98% of all Americans, and 99% of all retailers, is the credit card, banking, and ATM systems.

And it sounds like Iran and North Korea, customers of each other in military hardware and missile technology, are working in concert with each other to disrupt the western economies.

We are still under attack I believe.

North Korean hackers blamed for sweeping cyber attack on US networks
http://features.csmonitor.com/innovatio ... -networks/

From Jan 2009, MSNBC and Associated Press...
Intel director: Iran, cyber threats biggest worry
http://www.msnbc.msn.com/id/28699004/

July 7, 2009
Microsoft warns of serious Internet Explorer Security Hole
http://article.wn.com/view/2009/07/06/M ... rity_hole/

Re: Update on PetitionOnline DDoS attack thru Friday, 2009.0

Post by swayalign » Thu Jul 14, 2011 4:51 pm

What are we doing to prevent this kind of attack from happening again? There have been a lot of publicized attacks coming from overseas as of late and it seems as if even the big corporations are unable to protect themselves. Hopefully they just decide not to take action against places that don't have political influence or affiliation.